KR20200087666A - Ami device, integrity verification system and method thereof - Google Patents

Abstract

Disclosed are an advanced metering infrastructure (AMI) device, an AMI device integrity verification system, and an integrity verification method thereof. According to the present invention, an AMI device for power meter reading capable of verifying the integrity comprises at least one chip and a central processing unit which controls the at least one chip. The central processing unit generates an integrity hash value based on hardware information of the AMI device including information of the chip, and transmits transaction data by encrypting the integrity hash value.

Description

AMI device and AMI device integrity verification system and integrity verification method{AMI DEVICE, INTEGRITY VERIFICATION SYSTEM AND METHOD THEREOF}

The present invention is an AMI device, an integrity verification system and an integrity verification method of an AMI device, and more specifically, in order to prepare for forgery and failure of the AMI (Advanced Metering Infrastructure) device and the AMI device for remotely reading electricity. It relates to a system and method for verifying the integrity of an AMI device using a blockchain.

AMI (Advanced Metering Infrastructure) is a generic term for devices and systems that digitize an existing analog meter and connect it to a communication network to measure and analyze the power of the power generation and receiving ends in real time. These AMIs are the core technologies for the construction of intelligent power grids such as Energy Management System (EMS), Energy Storage System (ESS), Virtual Power Plant (VPP), and P2P power trading.

Actual power energy is distributed to end customers through the power system. The electric power system generally refers to a system consisting of a power generation facility for generating electric power, a transmission and distribution facility such as a transmission line substation, and a distribution line, and a power receiving facility for consuming power distributed and distributed in a general home or factory.

The amount of power of the grid points of the power system (eg, power plant, step-up substation, primary and secondary step-down substation, transformer, power receiving stage, etc.) may be converted into digital information through an AMI device. The digital information of the converted power can be propagated through a communication network. That is, the path of physical power and the path of digital information of power may be different paths. If the power measurement through the AMI device is not correct, the actual power generation and power consumption and power information on the network become inconsistent, which may cause a problem of deteriorating the reliability of the intelligent power grid.

In recent years, data integrity has emerged as an important issue to ensure this reliability. Each industry is focusing on blockchain among various technologies to ensure data integrity. Although it is often considered that the blockchain is a technology specialized in the transmission of digital information, the blockchain is characterized by the entire system guaranteeing data integrity against forgery and alteration of data registered in the blockchain system.

For this reason, efforts have been made to apply blockchain to each industrial system. However, in the system that applied the conventional blockchain, only the upper system was applied with the blockchain. If the entire system is not connected organically through the blockchain, the data integrity of the part where the blockchain is not applied is not guaranteed.

In the case of an intelligent power grid to which a block chain has been applied, the block chain is applied only to the upper system. In the intelligent power grid, data reliability is very important. As in the prior art, the application of a partial blockchain rather than the entire system has a problem that the blockchain cannot guarantee the data integrity of the AMI portion where the blockchain is not applied.

KR 10-1527353 (2015. 06. 09.)

The present invention is intended to solve the above-mentioned problems, and has an object to ensure hardware integrity against firmware, chip and circuit modifications and failures by blockchaining hardware information.

In addition, the aim is to configure the AMI device in the blockchain system to ensure the integrity of the entire AMI device system.

Also, it aims to prevent physical failures and forgery of power information that can occur by blockchaining normal power measurement information.

An AMI (Advanced Metering Infrastructure) device for checking the amount of power capable of integrity verification according to an embodiment of the present invention includes at least one chip and a central processing unit controlling the at least one chip, wherein the central processing unit comprises: An integrity hash value may be generated based on hardware information of the AMI device including chip information, and transaction data encrypted with the integrity hash value may be transmitted.

Further, the hardware information may further include one or more of firmware information and circuit inspection information of the AMI device.

In addition, the central processing unit may encrypt the integrity hash value using the private key of the AMI device and the public key of the verification node connected to the AMI device in a network.

Further, the firmware information may include one or more of version information of the firmware, one or more parameter values, and representative values for one or more functions.

Further, the information of the chip may include a physical unclonable function (PUF) value of the chip.

In addition, the central processing unit generates a forged forged hash value using the firmware hash value generated based on the firmware information and the chip hash value generated based on the information of the chip, and the forged hash value and the circuit check information are generated. The integrity hash value may be generated by using the failure diagnosis hash value generated as a basis.

In addition, the transaction data may be generated by encrypting the integrity hash value with a private key of the AMI device, converting it into a signature value, and encrypting the signature value with a public key of the verification node.

In addition, the AMI device is a sensor for measuring the amount of power, a switch for selectively passing the power signal or the reference signal measured by the sensor, and converts the power signal or the reference signal passed by the switch into a digital signal to the central processing unit It may include an ADC (Analog to Digital Converter) to transmit and a communication module for transmitting the transaction data generated by the central processing unit and receiving an external control signal.

In addition, the AMI device operates in a normal mode in which the switch passes the power signal or a verification mode in which the switch passes the reference signal, and the verification mode is the central processing unit corresponding to the integrity verification request of the verification node. It can operate according to the control signal.

An AMI device integrity verification system for verifying the integrity of an AMI (Advanced Metering Infrastructure) device for a block-chain-based power meter reading according to an embodiment of the present invention includes at least one AMI device including a central processing unit and a network with the AMI device It includes a plurality of blockchain nodes connected to the request for verification of the integrity of the AMI device, the central processing unit of the AMI device is integrity based on one or more of the firmware information of the AMI device, chip information and circuit inspection information A hash value may be generated, and the integrity hash value may be encrypted using the private key of the AMI device and the public key of the blockchain node and transmitted as transaction data to the blockchain node.

In addition, the blockchain node converts the transaction data into the integrity hash value by decryption using the private key of the blockchain node and the public key of the AMI device, and compares it with a reference hash value of the previously stored AMI device. As a result of encrypting the data using the private key of the blockchain node, transaction data can be generated, and the resulting transaction data can be transmitted to the block creation node among the blockchain nodes.

In addition, at least one of the block generation nodes generates a block according to a block generation rule according to a consensus algorithm, propagates the block to the blockchain node, and each of the blockchain nodes is a result value when the result data matches. Communication with the AMI device may be maintained, and communication with the AMI device may be stopped if the result is a mismatch.

A method of verifying the integrity of an AMI (Advanced Metering Infrastructure) device for power meter reading by using a blockchain according to an embodiment of the present invention is based on the hardware hash information including the chip information of the AMI device integrity hash value A first step of generating, the second step of encrypting the integrity hash value with the private key of the AMI device and the public key of the verification node of the blockchain, the communication protocol based on the integrity hash value encrypted in the second step A third step of generating transaction data according to the data and transmitting the transaction data to the verification node; a fourth step of decrypting the transaction data with the verification node's private key and the public key of the AMI device and converting the transaction data into the integrity hash value; A fifth step of encrypting the result data compared with the reference hash value with the private key of the verification node and generating the result transaction data according to the communication protocol based on the result data encrypted in the fifth step, one or more of the blockchain It may include a sixth step of transmitting to the block generation node.

In addition, a seventh step of generating a block with a block generation rule according to the consensus algorithm, and propagating the generated block to one or more nodes of the blockchain, if the result data is a match result, each of the block chains The node may further include step 8-1 of maintaining communication with the AMI device, or step 8-2 of each blockchain node stopping communication with the AMI device if the result data is an inconsistent result value. .

Further, the hardware information further includes firmware information and circuit inspection information of the AMI device, and the first step is a firmware hash value based on the firmware information and a chip hash value and the circuit inspection based on the chip information. Step 1-1 of generating a fault diagnosis hash value based on information, Steps 1-2 of generating a forgery hash value using the firmware hash value and the chip hash value, and the forgery hash value and the fault diagnosis hash A first to third step of generating the integrity hash value using a value may be included.

In addition, the third step is a step 3-1 of encrypting the integrity hash value with the private key of the AMI device and converting it into a signature value, and generating the transaction data by encrypting the signature value with the public key of the verification node. Step 3-2 may be included.

Further, the information of the chip may include a physical unclonable function (PUF) value of the chip.

The AMI device, the AMI device integrity verification system, and the integrity verification method according to an embodiment of the present invention can block hardware information to ensure hardware integrity for firmware, chip and circuit modifications, and failures.

In addition, the AMI device can be configured in the blockchain system to ensure the integrity of the entire AMI device system.

In addition, it is possible to prevent physical failures and forgery of power information that may occur by blockchaining normal power measurement information.

1 is a view showing an AMI device installed on the consumer side according to an embodiment of the present invention.
2 is a block diagram showing the configuration of an AMI device according to an embodiment of the present invention.
3 is a block diagram showing a schematic configuration of an AMI device integrity verification system according to an embodiment of the present invention.
4 is a diagram illustrating an integrity verification processing procedure of an AMI device according to an embodiment of the present invention.
5 is a view showing a voltage signal passing through according to a mode change of a switch according to an embodiment of the present invention.
6 is a view showing a hashtree structure for generating an integrity hash value according to an embodiment of the present invention.
7 is a diagram illustrating a procedure for verifying the integrity of a blockchain node according to an embodiment of the present invention.
8 is a view showing a modulated hashtree structure according to an embodiment of the present invention.
9 is a flowchart of an AMI device integrity verification method according to an embodiment of the present invention.
10 is a flowchart illustrating a step of generating an integrity hash value according to an embodiment of the present invention.
11 is a flowchart illustrating a step of encrypting using an asymmetric key according to an embodiment of the present invention.
12 is a flowchart of an AMI device integrity verification method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art to which the present invention pertains can easily practice. However, the present invention can be implemented in many different forms and is not limited to the embodiments described herein. In addition, in order to clearly describe an embodiment of the present invention in the drawings, parts irrelevant to the description are omitted.

The terms used in this specification are only used to describe specific embodiments, and are not intended to limit the present invention. Singular expressions may include plural expressions unless the context clearly indicates otherwise.

In the present specification, terms such as “include”, “have” or “have” are intended to designate the existence of features, numbers, steps, operations, components, parts, or combinations thereof described in the specification, one Or further features or numbers, steps, operations, components, parts, or combinations thereof, may be understood as not precluding the possibility of being added.

In addition, the components shown in the embodiments of the present invention are shown independently to represent different characteristic functions, and do not mean that each component is composed of separate hardware or one software component unit. That is, for convenience of description, each component is listed as each component, and at least two components of each component may be combined to form one component, or one component may be divided into a plurality of components to perform a function. The integrated and separated embodiments of each of these components are also included in the scope of the present invention without departing from the essence of the present invention.

In addition, the following embodiments are provided to more clearly explain to those of ordinary skill in the art, and the shapes and sizes of elements in the drawings may be exaggerated for more clear explanation.

Hereinafter, preferred embodiments of the present invention will be described with reference to the accompanying drawings.

1 is a view showing an AMI device installed on the consumer side according to an embodiment of the present invention. The AMI device 100 shown in FIG. 1 is an apparatus installed at a point connected to a consumer side in a power provider line to measure the amount of power consumed by the consumer side. The case of FIG. 1 is a general case, and may be installed at the power generation company side rather than the customer side to measure the amount of power generation. Hereinafter, it will be described as an AMI device installed on the consumer side according to one embodiment. In general, the AMI device 100 is capable of two-way communication with a power provider, and is used as an important means for implementing and operating a demand response (DR) system based on mutual recognition between electricity providers and consumers, and various types of distributed power It is one of the components that can be used for the operation of the future intelligent power grid, such as information linkage with the system and distribution system.

The AMI (Advanced Metering Infrastructure) is an evolved form of a one-way remote meter reading system (AMR, Advanced Meter Reading) that actively saves energy through demand response between consumers and electric energy providers through two-way data communication between power producers and power consumers. It is an infrastructure system that induces and manages energy on the consumer side.

2 is a block diagram showing the configuration of an AMI device according to an embodiment of the present invention. Referring to FIG. 2, the AMI device 100 according to an embodiment of the present invention may include one or more chips and a central processing unit 123. The chip may include a sensor 110, a switch 121, an analog to digital converter (ADC) 122, a central processing unit 123, a reference circuit 130, and a communication module 140.

As shown in FIG. 1, the sensor 110 may measure power consumption at the consumer side and convert it into a power signal. The power signal may be an analog signal or a digital signal, and may be transmitted to the switch 121. The switch 121 may selectively pass the power signal or the reference signal. The ADC (Analog to Digital Converter, 122) may convert the power signal or the reference signal passed by the switch 121 into a digital signal and transmit it to the central processing unit 123. The central processing unit 123 may control the selective passage of the power signal or the reference signal of the switch 121, and may generate transaction data to verify the integrity of the AMI device 100. The central processing unit 123 may transmit the generated transaction data to the communication module 140, and the communication module 140 connected to the network may transmit the transaction data to a blockchain node (see FIG. 3). The blockchain node will be described later in FIG. 3. In addition, the communication module 140 may receive an external control signal transmitted from the network and transmit it to the central processing unit 123.

Here, the switch 121, the ADC 122, and the central processing unit 123 may be provided as separate elements or may be integrated into the control unit 120 to be provided as one micro controller unit (MCU).

The AMI device 100 may operate in a normal mode or a verification mode. The normal mode is a mode for reading the amount of power consumed by the consumer, and the switch 121 may pass the power signal and send it to the ADC 122. The verification mode is a mode for verifying the integrity of the AMI device 100, and the switch 121 may block the passage of the power signal of the sensor 110 and pass the reference signal of the reference circuit 130. The normal mode or the verification mode may be converted into a control signal of the central processing unit 123.

3 is a block diagram showing a schematic configuration of an AMI device integrity verification system according to an embodiment of the present invention. Referring to FIG. 3, an AMI device integrity verification system according to an embodiment of the present invention may include a blockchain system composed of a plurality of nodes connected to a network with a client including the AMI device 100. The plurality of nodes may be blockchain nodes, and each of the blockchain nodes may have a distributed ledger including a record of the amount of power measured by each of the plurality of AMI devices 100. In addition, each of the blockchain nodes can be divided into a verification node 200, a block generation node 300, and a general node 400 according to functions on the blockchain system, but the verification node 200 on the blockchain , The block generation node 300 and the general node 400 are not fixed, and their roles may be exchanged or duplicated.

The AMI device 100 can be connected to the blockchain node through the communication module 140. The AMI device 100 illustrated in FIG. 3 is connected to the verification node 200, but is not limited thereto. Preferably, the AMI device 100 may be included as a node on the blockchain system, and a plurality of AMI devices 100 are also the blockchain node, such as a verification node 200, a block generation node 300, and a general node 400. ) And each other.

The verification node 200 may request integrity verification for the AMI device 100 and verify data responsive to the request. The block creation node 300 may create a new block (ledger) that can be organically connected to existing blocks by bundling the transaction data verified and signed by the verification node 200 in a certain unit. The generated block is propagated to the general node 400, and the general node 400 can connect the generated node with an existing block.

4 is a diagram illustrating an integrity verification processing procedure of an AMI device according to an embodiment of the present invention. Referring to FIG. 4, integrity verification of the AMI device 100 may be started according to a device integrity verification request of the verification node 200 shown in FIG. 3. When the AMI device 100 receives a request for verifying the integrity of the verification node 200, the central processing unit 123 may operate in the verification mode. The central processing unit 123 may generate an integrity hash value based on one or more of the firmware information 151 of the AMI device 100, the information 152 of the chip, and the circuit inspection information 153.

The firmware information 151 is a status information parameter that can be confirmed when a parameter that may be artificially manipulated for a specific purpose from outside or an installation state is changed, is information obtained for generating hassle in the firmware. Can. For example, firmware version information, device unique management number, device IP/port information, node/server IP/port information, ADC sensor correction value (offset value), threshold comparison value of self-check function for fault determination , Fault code list, MCU log record of external debugging equipment.

The chip information 152 may be a physical unclonable function (PUF) value of a chip constituting the AMI device 100. PUF value refers to a random digital value that is difficult to predict implemented inside a chip by using a process deviation occurring in a semiconductor manufacturing process. PUF values cannot be copied because unpredictable values are output in hardware. In general, they have the same circuit and the same mask layout, and even in the same process, they differ in many parts, such as device characteristics such as transistors, capacitors, resistors, or circuit characteristics such as gate delay due to process variations that occur due to semiconductor manufacturing process characteristics. Occurs. Due to this difference, each bit has a different bit value, and the determined value is used as unique information for the chip because it outputs the same value each time it is generated, unlike the random number generator. Since the generated value is a value generated inside the chip, it is possible to generate data on its own without external manipulation, which has the advantage of fundamentally blocking leakage to the outside of the chip. Also, it is difficult to read the PUF value for a physical security attack.

The circuit check information 153 may be information on whether or not there is an abnormality in the signal flow leading to the voltage signal of the sensor 110, the filter, the ADC 122, and the central processing unit 123. The circuit check may be for self-diagnosing the occurrence of a failure in the relevant part by artificially manipulating the value to be read by applying self-disturbance from the outside or by installing several passive elements in the filter part, or due to poor management and aging. To this end, the reference circuit 130 may generate a fixed or predetermined variable voltage signal, that is, a reference signal. The reference circuit 130 transmits a reference signal to the switch 121, and the switch 121 can pass the reference signal. At this time, the central processing unit 123 sends a control signal so that the switch 121 operates in the verification mode, and accordingly, the switch 121 operates in the verification mode to pass the reference signal.

5 is a view showing a voltage signal passing through according to a mode change of a switch according to an embodiment of the present invention. Referring to FIG. 5, when the switch 121 is in the normal mode, the commercial voltage is measured, and when the switch 121 is switched to the verification mode due to the control signal of the central processing unit 123, the commercial voltage signal is blocked and the reference circuit It can be seen that the reference signal of 130 passes.

The central processing unit 123 may measure the result value of the reference signal that has passed through the switch 121 and compare it with the recorded value measured as the reference signal in the factory state. In addition, if the result of comparison between the result value and the record value is within an error range, the central processing unit 123 may determine whether a failure has occurred normally if an error is out of the error range and include it in the circuit inspection information. In addition, the central processing unit 123 may determine an abnormal type according to a distortion form of a measured waveform and include it in circuit inspection information.

6 is a view showing a hashtree structure for generating an integrity hash value according to an embodiment of the present invention. 4 and 6, the central processing unit 123 may generate a hashtree 166 structure composed of a plurality of hash values. The hashtree structure is a structure in which each hash value is generated based on one or more basis information to finally generate one hash value. In one embodiment of the present invention, the base information may be firmware information 151, chip information 152, and circuit check information 153, and hash conversion of each of these pieces of information in stages to produce a final firmware hash value 161. , A chip hash value 162 and a failure diagnosis hash value 163 may be generated. Further, the generated hash value 161, the chip hash value 162, and the failure diagnosis hash value 163 may also generate a final hash value, that is, an integrity hash value 165, in a hashtree structure. The central processing unit 123 may simultaneously generate the firmware hash value 161, the chip hash value 162, and the failure diagnosis hash value 163, or separately according to a predetermined order.

According to an embodiment, the basis information of the firmware information 151 is a device unique ID value, firmware version information, and IP/port information, and the basis information of the chip information 152 is a central processing unit PUF and ADC PUF, and circuit inspection information. The basis information of 153 may be a fault code. As mentioned above, each of the base information may further include other information. The central processing unit 123 may generate a firmware hash value 161, a chip hash value 162, and a failure diagnosis hash value 163 according to each of the basis information. As shown in FIG. 6, the central processing unit 123 may hash the device unique ID value 151a, the firmware version information 151b, and the IP/port information 151c, respectively, to generate a corresponding hash value. . That is, the central processing unit 123 is 0x6660AA0D...(161a) as the device unique ID value 151a, 0x0CB21B56...(161b) as the firmware version information 151b, and 0x3FB8AFE3 as the IP/port information 151c. ...(161c) can be generated. Here, the length of the hash value is not limited, and for convenience of description, the front 8 digits are written and the rear digits are omitted. A SHA-256 function can be used as the hash conversion function, and 64 bits of hash value can be generated in 256 bits, that is, hexadecimal.

The central processing unit 123 may generate a hash value of 0x33533960...(161d) based on the generated 0x6660AA0D...(161a) and 0x0CB21B56...(161b). In addition, the central processing unit 123 may generate 0x26146AD2...(161e) based on the generated 0x33533960...(161d) and 0x3FB8AFE3...(161c). The generated 0x26146AD2...(161e) is a final hash value generated based on the firmware information 151 and may correspond to the firmware hash value 161 of FIG. 4.

In the same way, the central processing unit 123 hash transforms based on the chip information 152, that is, the central processing unit PUF value 152a and the ADC PUF value 152b, respectively, 0x50F561B1...(162a) and 0x912E0459. .(162b). And the central processing unit 123 may generate a 0x853E1B15...(162c) by hash transform based on the generated 0x50F561B1...(162a) and 0x912E0459...(162b), and the corresponding 0x853E1B15...(162c) ) May be a chip hash value 162. In addition, the central processing unit 123 may generate a 0xC3448CC4...(163a) by hash transformation based on the failure code value 153a, and the generated 0xC3448CC4...(163a) has a final failure diagnosis hash value 163 ).

The central processing unit 123 based on the generated firmware hash values (161, 0x26146AD2...(161e)) and chip hash values (162, 0x853E1B15...(162c)), forgery forged hash values (164, 0x17376195... (164a)). Subsequently, the central processing unit 123 based on the generated forged hash values (164, 0x17376195...(164a)) and fault diagnosis hash values (163, 0xC3448CC4...(163a)) hash values (165, 0xEE6F43F5) ...(165a)). In this way, generating each hash value from the base information and compressing it stepwise to generate one hash value is called a hashtree structure, and the hashley 166a generated by the central processing unit 123 is the integrity hash value finally generated. (165, 0xEE6F43F5...(165a)) may be information about a process that is generated to include firmware information 151, chip information 152, and circuit check information 153.

The central processing unit 123 may generate the transaction data by encrypting the generated integrity hash value 165 with the private key of the AMI device 100 and the public key of the verification node 200. The private key and public key can be made in a pair. In addition, each AMI device 100 and the verification node 200 may be provided with a pair of private and public keys.

The private key can be generated with a random random value of 256 bits in size through a pseudo-random number generator. For example, the private key expressed in hexadecimal may be in the form of '1E99423A4ED2...6AEDD'. The private key generated in this pair can be input to an elliptic curve algorithm to generate a corresponding public key. When the private key and public key pair are generated, they are assigned to the AMI device 100 and the verification node 200, and the public key can be shared with all participants (nodes) participating in the system.

The private key of the AMI device 100 may be inserted into the firmware of the AMI device 100 at the time of shipment from the factory or mounted on a hardware-type security module. When shipped, a lock on a chip to which the corresponding private key is input can be set, and the private key of the AMI device 100 can be protected from external leakage through the lock.

When the encryption process is described in more detail, the central processing unit 123 may digitally sign the integrity hash value 165 using the AMI device private key 171a. The digitally signed data can be encrypted once more using the verification node public key 172b. In addition, transaction data 181 for transmitting the corresponding data may be generated using a mutually promised communication protocol on the network.

The communication module 140 may transmit the transaction data 181 to the verification node 200 requesting verification.

7 is a diagram illustrating a procedure for verifying the integrity of a blockchain node according to an embodiment of the present invention. Referring to FIG. 7, the transaction transmitted by the AMI device 100 may be received by the verification node 200 shown in FIG. 3. The verification node 200 may decrypt the transmitted transaction data 181 with the verification node private key 172a. In addition, the verification node 200 may confirm that the decrypted data is data transmitted by the AMI device 100 by confirming an electronic signature using the AMI device public key 171b. Data decrypted with the verification node private key 172a and the AMI device public key 171b may be an integrity hash value 165.

The verification node 200 may compare the decrypted integrity hash value 165 with the pure integrity hash value (hereinafter referred to as the reference hash value 167) of the AMI device 100 previously registered at the factory. In order to record the result data that has been compared to the distributed ledger of the blockchain, the verification node 200 can sign the result of encrypting the compared result value with the verification node private key 172a, and mutually promised communication protocol on the network. Result transaction data 182 for transmitting the corresponding result data may be generated using. The verification node 200 may transmit the generated result transaction data 182 to one or more block generation nodes 300 shown in FIG. 3. Each block generation node 300 may generate a block 220 according to the block generation rule according to the consensus algorithm after further receiving the transaction 183 for another purpose, which is received from another node for a certain period of time.

Here, the consensus algorithm includes Proof of Work (PoW), equilibrium Proof of Work (ePoW), Dual Proof of Work (DPoW), Proof of Stake (PoS), and Wooro Boro's Proof of Stake (OPoS), Leased Proof of Stake (LPoS), Delegated Proof of Stake (DPoS), Dual Delegated Proof of Stake (DDPoS), Hyper-DPoS, Hyper-DPoS, Proof of Formulation (PoF), Proof of Forkability (PoF), Proof of Activity (PoA), Proof of Trading (PoT) ), Proof of Burn (PoB), Proof of Brain (PoB), Proof of Importance (PoI), Proof of Believability (PoB), Proof of Flow (PoF) ), Proof of Authority (PoA), Proof of Storage (PoS), Proof of Space, PoET (Proof of Elapsed Time), and Practical Byzantine Failure (PBFT, Practical Byzantine Fault Tolerance).

The generated block 220 may propagate to one or more general nodes 400 constituting the blockchain node network shown in FIG. 3. Each general node 400 that has received the block 220 can form a chain structure with the previously recorded block, and when the chain structure is formed, the corresponding information recording in the blockchain system can be completed. At this time, each general node 400 may query the propagated result data. The general node 400 may define the corresponding AMI device 100 as a trusted device and maintain the connection if the searched result data is a matched result value. If the inquired result data is inconsistent result value, the corresponding AMI device 100 can be defined as an untrusted device, and the connection with the corresponding AMI device 100 can be stopped, and the result data is transmitted to the management system or an alarm is issued. Can give. The management system may access the AMI device 100 remotely or directly to analyze the hashtree and determine the cause and take action.

8 is a diagram illustrating a modulated hastery structure according to an embodiment of the present invention. Referring to FIG. 8, the final hash value (root hash value) of the hashley 166a may be changed in the entirety of the last hash value even with a single change of the hash value. The example shown in FIG. 8 is a case where the central processing unit PUF values 152a and 0xAC048B64 shown in FIG. 6 are changed to 0xAC048B65 (152c) for some reason. In this case, the final hash value transmitted to the verification node 200 according to the hashtree structure, that is, the integrity hash value (165, 0xEE6F43F5??) of FIG. 6 is changed to 0x4BA1AAD1...(165b) as shown in FIG. Can be sent. The verification node 200 generates inconsistent result data as the result transaction data 182 through comparison of the transmitted hash value 165b with the reference hash value 167, and transmits the result data to the block generation node 300. The generation node 300 may propagate the block 220 including the inconsistent result data to the plurality of general nodes 400. Since the plurality of general nodes 400 have inquired data, the corresponding AMI device 100 may be defined as an untrusted device and the connection may be terminated. Subsequently, the management system can analyze the transmitted hashtry 166b to determine the cause.

The transaction data 181 transmitted from the AMI device 100 to the verification node 200 may include a hashley, which is a process in which the final hash value is generated along with the final hash value (integral hash value 165). The management system may analyze the hashley 166b of the final hash value that is determined to be inconsistent and the hashley 166a of the reference hash value 167 while comparing stepwise. From the top, the inconsistent hash value can be traced and the reason and type of the change to the final hash value (0x4BA1AAD1...(165b)) can be analyzed. In the case shown in Figure 8, the management system integrity hash value (165b, 0x4BA1AAD1...), forged hash value (164b, 0x562EC6AE...), chip hash value (162e, 0x702AE534...), central processing unit PUF hash The values (162d, 0xA086ABE6...) and the central processing unit PUF values (152c, 0xAC048B65) can be tracked, and the central processing unit 123 can recognize that a forged situation has occurred, and can respond to this.

The AMI device and the AMI device integrity system according to an embodiment of the present invention compare a hash value generated based on each basis information of the AMI and a final hash value of each hash value with a reference hash value (pure integrity hash value) It is possible to ensure the factory initial integrity of the AMI device by checking whether the match. In addition, it is possible to reduce the computational load of the AMI device and the verification node by compressing, transmitting, and comparing the basis information by using each hash tree. In addition, since the hash conversion is not reversed, security concerns due to the leakage of the hash value can be disregarded, and each of the base information includes firmware information, chip information, and circuit inspection information, so as well as hardware integrity as well as software level The integrity of the column can be guaranteed at the same time.

In addition, since the database is managed through the blockchain, the integrity of the data can be guaranteed by the consensus algorithm of the participants constituting the blockchain.

Therefore, the AMI device and the AMI device integrity system according to an embodiment of the present invention can ensure integrity from the software and hardware layers of the AMI to the layer that verifies the integrity by receiving the data from the AMI device and the database layer that manages data. It may be suitable for an intelligent power grid where reliability is key.

Hereinafter, an AMI device integrity verification method according to an embodiment of the present invention will be described. The AMI device integrity verification method is similar to the AMI device integrity verification system and will be briefly described.

9 is a flowchart of an AMI device integrity verification method according to an embodiment of the present invention. Referring to FIG. 9, a method of verifying the integrity of an AMI (Advanced Metering Infrastructure) device for power meter reading by using a blockchain generates an integrity hash value based on hardware information including information of a chip of the AMI device Step S910, encrypting the integrity hash value with the private key of the AMI device and the public key of the verification node of the blockchain (S920), generating transaction data according to the communication protocol based on the encrypted integrity hash value And transmitting to the verification node (S930), decrypting the transaction data with the verification node's private key and the public key of the AMI device to convert the integrity hash value (S940), and the reference hash value of the AMI device Encrypting the result data compared with the private key of the verification node (S950) and generating result transaction data according to a communication protocol based on the encrypted result data and transmitting it to one or more block generation nodes of the blockchain (S960).

10 is a flowchart illustrating a step of generating an integrity hash value according to an embodiment of the present invention. Referring to FIG. 10, in step S910, a firmware hash value is generated based on the firmware information (S911), a chip hash value is generated based on the chip information (S912), and a fault diagnosis is performed based on circuit inspection information. It may include the step of generating a hash value (S913), the steps S911, S912 and S913 may be executed simultaneously or separately.

The chip information 152 may include a PUF value of the chip.

In addition, the step of generating a forged hash value using the firmware hash value and the chip hash value (S914) and the step of generating the integrity hash value using the forged hash value and the fault diagnosis hash value (S915) It may further include.

11 is a flowchart illustrating a step of encrypting using an asymmetric key according to an embodiment of the present invention. Referring to FIG. 11, encrypting the integrity hash value with the private key of the AMI device and converting it into a signature value (S931) and generating the transaction data by encrypting the signature value with the public key of the verification node (S932) ).

12 is a flowchart of an AMI device integrity verification method according to an embodiment of the present invention. Referring to FIG. 12, in the method for verifying the integrity of an AMI device according to an embodiment of the present invention, generating a block using a block creation rule according to an agreement algorithm and propagating the generated block to one or more nodes of the blockchain ( S970).

In step S980 of checking the result data, if the result data is a match result, each of the blockchain nodes maintains communication with the AMI device (S991) or if the result data is a mismatch result, each of the The blockchain node may further include stopping communication with the AMI device (S992).

Various embodiments described herein may be implemented by hardware, middleware, microcode, software, and/or combinations thereof. For example, various embodiments may include one or more on-demand semiconductors (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGA) ), processors, controllers, microcontrollers, microprocessors, other electronic units designed to perform the functions presented herein, or combinations thereof.

Also, for example, various embodiments may be recorded or encoded in a computer-readable medium including instructions. Instructions stored or encoded on a computer-readable medium may cause a programmable processor or other processor to perform a method, such as when instructions are executed. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. The storage medium may be any available medium that can be accessed by a computer. For example, such a computer-readable medium may include RAM, ROM, EEPROM, CD-ROM or other optical disk storage medium, magnetic disk storage medium or other magnetic storage device or instructions or data accessible by a computer to a desired program code. It can include any other medium that can be used to transport or store in the form of structures.

Such hardware, software, firmware, etc. may be implemented within the same device or within separate devices to support various operations and functions described herein. Additionally, the components, units, modules, components, etc. described as “˜units” in the present invention may be implemented individually together as separate or interoperable logic devices. The depiction of different features for modules, units, etc. is intended to highlight different functional embodiments, and does not necessarily mean that they must be realized by individual hardware or software components. Rather, the functionality associated with one or more modules or units may be performed by separate hardware or software components or incorporated within common or separate hardware or software components.

Although the operations are shown in the drawings in a particular order, it should not be understood that these operations are performed in a specific order, or in a sequential order, to achieve the desired result, or that all the illustrated actions need to be performed. . In any environment, multitasking and parallel processing can be advantageous. Moreover, the division of various components in the above-described embodiments should not be understood as requiring such division in all embodiments, and the described components will generally be integrated together into a single software product or packaged into multiple software products. It should be understood that it can.

The present invention has been described with reference to the embodiments shown in the drawings, but these are merely exemplary, and those skilled in the art will understand that various modifications and equivalent other embodiments are possible therefrom. Therefore, the true technical protection scope of the present invention should be determined by the technical spirit of the appended claims.

100: AMI device 110: sensor
121: switch 122: ADC
123: central processing unit 130: reference circuit
140: communication module 200: verification node
300: block generation node 400: general node

Claims (17)

As an AMI (Advanced Metering Infrastructure) device for checking the amount of electricity capable of integrity verification,
One or more chips; And
It includes a central processing unit for controlling the one or more chips,
The central processing unit, AMI device that generates an integrity hash value based on the hardware information of the AMI device including the information of the chip and transmits the transaction data encrypted the integrity hash value.
According to claim 1,
The hardware information,
The AMI device further comprises at least one of firmware information and circuit inspection information of the AMI device.
According to claim 1,
The central processing unit,
An AMI device that encrypts the integrity hash value using a private key of the AMI device and a public key of a verification node networked with the AMI device.
According to claim 2,
The firmware information,
An AMI device comprising one or more of version information of the firmware, one or more parameter values, and representative values for one or more functions.
According to claim 1,
The information of the chip,
An AMI device that includes a Physical Unclonable Function (PUF) value of the chip.
According to claim 2,
The central processing unit,
A forged forged hash value is generated by using the firmware hash value generated based on the firmware information and the chip hash value generated based on the chip information,
An AMI device for generating the integrity hash value using the forgery hash value generated based on the forgery and hash value and the circuit check information.
According to claim 3,
The transaction data,
AMI device that encrypts the integrity hash value with the private key of the AMI device, converts it into a signature value, and generates the signature value by encrypting it with the public key of the verification node.
According to claim 1,
Sensor for measuring the amount of power;
A switch for selectively passing a power signal or a reference signal measured by the sensor;
An ADC (Analog to Digital Converter) that converts the power signal or the reference signal passed by the switch into a digital signal and transmits it to the central processing unit; And
And a communication module for transmitting the transaction data generated by the central processing unit and receiving an external control signal.
The method of claim 8,
The AMI device,
The switch operates in a normal mode in which the power signal passes, or in a verification mode in which the switch passes the reference signal,
The verification mode is an AMI device that operates according to the control signal of the central processing unit corresponding to the verification request of the integrity of the verification node.
AMI device integrity verification system that verifies the integrity of AMI (Advanced Metering Infrastructure) devices for blockchain-based electricity meter reading,
At least one AMI device including a central processing unit; And
A plurality of blockchain nodes, each of which is a blockchain node connected to the network with one or more of the one or more AMI devices; includes,
The central processing unit of the AMI device generates an integrity hash value based on one or more of firmware information, chip information, and circuit check information of the AMI device, and the integrity hash value is the private key of the AMI device and the AMI. AMI device integrity verification system that encrypts using the public key of the blockchain node that requested device integrity verification and transmits it as transaction data to the blockchain node.
The method of claim 10,
The blockchain node,
The transaction data is converted into the integrity hash value by decryption using the private key of the blockchain node and the public key of the AMI device, and compared with the reference hash value of the previously stored AMI device, and compares the result data with the blockchain node. AMI device integrity verification system that generates transaction data as a result of encryption using a private key, and transmits the resulting transaction data to a block generation node among the blockchain nodes.
The method of claim 11,
At least one block generation node,
Create a block with the block creation rules according to the consensus algorithm, propagate the block to the blockchain node,
Each of the blockchain nodes maintains communication with the AMI device if the result data matches, and stops communication with the AMI device if the result data is inconsistent.
As a method of verifying the integrity of an AMI (Advanced Metering Infrastructure) device for meter reading using a blockchain,
A first step of generating an integrity hash value based on hardware information including chip information of the AMI device;
A second step of encrypting the integrity hash value with the private key of the AMI device and the public key of the verification node of the blockchain;
A third step of generating transaction data according to a communication protocol based on the integrity hash value encrypted in the second step and transmitting it to the verification node;
A fourth step of decrypting the transaction data with the private key of the verification node and the public key of the AMI device and converting it into the integrity hash value;
A fifth step of encrypting the result data compared with the reference hash value of the AMI device with the private key of the verification node; And
And a sixth step of generating result transaction data according to a communication protocol based on the result data encrypted in the fifth step and transmitting the result transaction data to one or more block generation nodes of the blockchain.
The method of claim 13,
A seventh step of generating a block with a block generation rule according to the consensus algorithm, and propagating the generated block to one or more nodes of the blockchain,
A step 8-1 in which each of the blockchain nodes maintains communication with the AMI device if the result data is a match result value; or
If the result data is a result of the mismatch, each of the blockchain nodes further includes an 8-2 step of stopping communication with the AMI device.
The method of claim 13,
The hardware information further includes firmware information and circuit inspection information of the AMI device
The first step,
A first-first step of generating a fault hash value based on the firmware hash value, a chip hash value based on the chip information, and the circuit check information based on the firmware information;
A 1-2 step of generating a forged forged hash value using the firmware hash value and the chip hash value; And
And a step 1-3 of generating the integrity hash value using the forged forged hash value and the failure diagnosis hash value.
The method of claim 13,
The third step,
A 3-1 step of encrypting the integrity hash value with the private key of the AMI device and converting it into a signature value; And
And a step 3-2 of generating the transaction data by encrypting the signature value with the public key of the verification node.
The method of claim 13,
The information of the chip,
AMI device integrity verification method comprising the chip's PUF (Physical Unclonable Function) value.

Images